A policy implemented at Caesar’s Palace in the wake of last October’s shooting that allows hotel security to spotcheck the room of guests who’ve rejected housekeeping services has prompted the head of security operations of Def Con, which held its conference in the hotel last week, to offer his resignation.
In an open letter to fellow hackers, Marc Rogers, vice president of cybersecurity for Okta, said he was unaware of the policy adopted in January and offered to step down. “So I offer you my resignation. By not being aware of Caesars’ statement I failed you. I WILL not let this happen again,” Rogers wrote. “However if you no longer feel I am the man to defend you, my community, then I will leave. I suspect much of my team will leave too but….plus ça change.”
Caesar’s Palace implemented the policy as did other casinos and resorts after Stephen Paddock brought an arsenal of weapons and ammunition into his suites at the Mandalay Bay hotel and used them to kill 58 people and injure 869 others attending a concert in the open field across from the hotel. Paddock, a well-known high roller in Vegas, had refused housekeeping services while he build his bunker high atop the 32nd floor and plotted his shooting spree.
Rogers told fellow hackers if he had received the hotel’s notification, “in the interest of transparency, I would have informed you all. After all, that’s EXACTLY why I started the DEF CON transparency report. The timing of it looks odd.”
Luta Security CEO Katie Moussouris tweeted she “had the Do Not Disturb sign off & two different members of hotel staff had been to” her room in an hour’s time to “change towels & 1 to replenish the water bottles in the mini bar.” Moussouris said she “was talked over & shouted at by the two security guards.” Even though she expressed support for “their mission of enhanced security,” the hotel “dismissed” her suggestions as to how to keep women traveling alone safe.
After being roundly criticized for the security checks, in a tweet cited by Rogers the hotel said Def Con organizers “were briefed on the policy prior to the conference, and we believe they understand the need for periodic room checks,” which Caesar’s Palace said included “only a visual review of the bedroom, bathroom and additional sitting area (if any) to ensure there are no issues which require further attention.” The hotel said the officers, “who are clearly identifiable to guests,” do not inspect suitcases, drawers or personal items.
While Rogers said he appreciates that “hotels need to adapt to a new threat vector,” he called himself a “fierce advocate for privacy” who does “not support or endorse these room searches or how they are executed.”
Saying he was heartbroken over the “recent events at Ceasars (sic),” Rogers said hotels “need to take a harder look at the efficiency, impact and long-term cost of this strategy.”
And he called on attendees at Def Con, which he claims is “the spiritual home of [the hacker] community,” to help “change things for the better.”